[go: up one dir, main page]

WO2007067424A3 - Forensics tool for examination and recovery of computer data - Google Patents

Forensics tool for examination and recovery of computer data Download PDF

Info

Publication number
WO2007067424A3
WO2007067424A3 PCT/US2006/045977 US2006045977W WO2007067424A3 WO 2007067424 A3 WO2007067424 A3 WO 2007067424A3 US 2006045977 W US2006045977 W US 2006045977W WO 2007067424 A3 WO2007067424 A3 WO 2007067424A3
Authority
WO
WIPO (PCT)
Prior art keywords
present
electronic discovery
data
target machine
forensic
Prior art date
Application number
PCT/US2006/045977
Other languages
French (fr)
Other versions
WO2007067424A2 (en
Inventor
David Sun
Original Assignee
David Sun
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US11/294,560 external-priority patent/US7644138B2/en
Priority claimed from US11/294,562 external-priority patent/US7640323B2/en
Application filed by David Sun filed Critical David Sun
Publication of WO2007067424A2 publication Critical patent/WO2007067424A2/en
Publication of WO2007067424A3 publication Critical patent/WO2007067424A3/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063Operations research, analysis or management
    • G06Q10/0635Risk analysis of enterprise or organisation activities
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/10Office automation; Time management

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Human Resources & Organizations (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Strategic Management (AREA)
  • Economics (AREA)
  • Tourism & Hospitality (AREA)
  • Theoretical Computer Science (AREA)
  • Operations Research (AREA)
  • Quality & Reliability (AREA)
  • Marketing (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Development Economics (AREA)
  • Educational Administration (AREA)
  • Game Theory and Decision Science (AREA)
  • Storage Device Security (AREA)
  • Automatic Analysis And Handling Materials Therefor (AREA)

Abstract

The present invention concerns an electronic forensic tool for conducting electronic discovery and computer forensic analysis. The present invention allows a non-technical person such as a non-forensic expert to conduct electronic discovery and thereby obviate the need for an expert in many situations. The present invention allows for electronic discovery in a forensically sound manner. The present invention also concerns a business method for electronic discovery involving a software program and a command server for generating expanded functionality. The client software may be distributed at minimal or no cost, preferably as a CD. Using the client software, a user boots a target machine to determine whether a target machine contains data of interest. The client software will, however, only display limited data such as file information, date, last modified, and file size. To access and examine the actual underlying data, the user must obtain additional functionality, e.g. by purchasing a command block from the control server. The additional functionality will allow the client program to extract the data of interest or the entire contents of the target machine to an external device for further analysis.
PCT/US2006/045977 2005-12-06 2006-12-01 Forensics tool for examination and recovery of computer data WO2007067424A2 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US11/294,560 2005-12-06
US11/294,560 US7644138B2 (en) 2005-12-06 2005-12-06 Forensics tool for examination and recovery and computer data
US11/294,562 2005-12-06
US11/294,562 US7640323B2 (en) 2005-12-06 2005-12-06 Forensics tool for examination and recovery of computer data

Publications (2)

Publication Number Publication Date
WO2007067424A2 WO2007067424A2 (en) 2007-06-14
WO2007067424A3 true WO2007067424A3 (en) 2009-06-04

Family

ID=38123390

Family Applications (2)

Application Number Title Priority Date Filing Date
PCT/US2006/045977 WO2007067424A2 (en) 2005-12-06 2006-12-01 Forensics tool for examination and recovery of computer data
PCT/US2006/045978 WO2007067425A2 (en) 2005-12-06 2006-12-01 Forensics tool for examination and recovery of computer data

Family Applications After (1)

Application Number Title Priority Date Filing Date
PCT/US2006/045978 WO2007067425A2 (en) 2005-12-06 2006-12-01 Forensics tool for examination and recovery of computer data

Country Status (1)

Country Link
WO (2) WO2007067424A2 (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7835811B2 (en) 2006-10-07 2010-11-16 Voxelogix Corporation Surgical guides and methods for positioning artificial teeth and dental implants
KR100901743B1 (en) * 2007-06-21 2009-06-10 유비타스(주) Digital Forensic System and Method
GB2454715A (en) * 2007-11-19 2009-05-20 Ali Jahangiri Computer program for extracting forensic data form a target computer
GB2470198A (en) * 2009-05-13 2010-11-17 Evidence Talks Ltd Digital forensics using a control pod with a clean evidence store
JP4898934B2 (en) 2010-03-29 2012-03-21 株式会社Ubic Forensic system, forensic method, and forensic program
JP4868191B2 (en) * 2010-03-29 2012-02-01 株式会社Ubic Forensic system, forensic method, and forensic program
US9864878B2 (en) 2015-07-27 2018-01-09 International Business Machines Corporation Event log tamper detection
KR101864790B1 (en) * 2016-11-30 2018-06-07 충북대학교 산학협력단 Drive mounter system and method for digital forensic
CN111858479A (en) * 2020-07-29 2020-10-30 湖南泛联新安信息科技有限公司 A portable acquisition method of software samples based on target equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020152397A1 (en) * 2001-04-06 2002-10-17 Mckay Drew Virtual investigator
US20040006588A1 (en) * 2002-07-08 2004-01-08 Jessen John H. System and method for collecting electronic evidence data
US6687700B1 (en) * 2000-11-09 2004-02-03 Accenture Llp Communications system for supporting inter-dependent data messages
US6792545B2 (en) * 2002-06-20 2004-09-14 Guidance Software, Inc. Enterprise computer investigation system
US20040260733A1 (en) * 2003-06-23 2004-12-23 Adelstein Frank N. Remote collection of computer forensic evidence

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6687700B1 (en) * 2000-11-09 2004-02-03 Accenture Llp Communications system for supporting inter-dependent data messages
US20020152397A1 (en) * 2001-04-06 2002-10-17 Mckay Drew Virtual investigator
US6792545B2 (en) * 2002-06-20 2004-09-14 Guidance Software, Inc. Enterprise computer investigation system
US20040006588A1 (en) * 2002-07-08 2004-01-08 Jessen John H. System and method for collecting electronic evidence data
US20040260733A1 (en) * 2003-06-23 2004-12-23 Adelstein Frank N. Remote collection of computer forensic evidence

Also Published As

Publication number Publication date
WO2007067425A2 (en) 2007-06-14
WO2007067425A3 (en) 2009-06-04
WO2007067424A2 (en) 2007-06-14

Similar Documents

Publication Publication Date Title
WO2007067425A3 (en) Forensics tool for examination and recovery of computer data
WO2008032200A3 (en) Method, apparatus and computer program product for providing standard real world to virtual world links
TW200721828A (en) Imaging device, information processing method, and computer program
WO2006108865A3 (en) Methods for granting access to resources modifiable by users in a computer environment, and resources structured therefor
WO2007015200A3 (en) Apparatus for monitoring a person having an interest to an object, and method thereof
WO2008032203A3 (en) Method, apparatus and computer program product for a tag-based visual search user interface
TW200609779A (en) Method, system, and apparatus for discovering and connecting to data sources
WO2008024354A3 (en) Apparatus, system, method and computer program for task and process management
EP1884899A3 (en) Efficient processing of operator graphs representing three-dimensional character animation
WO2007095239A3 (en) Aptitude and interest assessment system and method
NO20080375L (en) Generator for electronic data snapshots
WO2006078539A3 (en) System verification test using a behavior model
JP2004234111A5 (en)
WO2007038275A3 (en) Systems and methods for remote storage of electronic data
WO2005104013A3 (en) Enhancing images superimposed on uneven or partially obscured background
WO2006091624A3 (en) System and method for determining information related to user interactions with an application
EP1909194A4 (en) Information processing device, feature extraction method, recording medium, and program
WO2007078396A3 (en) System and method for enabling an action
CN101960419A (en) Building operating system images based on applications
WO2006118768A3 (en) Method and system for applet extensibilty application program interface (api)
WO2007100299A3 (en) Location information communication
WO2007050345A3 (en) Method and system for testing enterprise applications
WO2005033871A3 (en) Method for creating a collection of multimedia interactive graphic elements using arrow logic
JP6015546B2 (en) Information processing apparatus, information processing method, and program
WO2008127235A3 (en) Machine vision system for enterprise management

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06838764

Country of ref document: EP

Kind code of ref document: A2